CVE-2022-25791
📋 TL;DR
A memory corruption vulnerability in Autodesk AutoCAD and Navisworks allows attackers to execute arbitrary code by tricking users into opening malicious DWF/DWFX files. This affects AutoCAD 2019-2022 and Navisworks 2022 users. Successful exploitation could give attackers full control of the affected system.
💻 Affected Systems
- Autodesk AutoCAD
- Autodesk Navisworks
📦 What is this software?
- Advance Steel by Autodesk
- AutoCAD by Autodesk
- AutoCAD LT by Autodesk
- AutoCAD MEP by Autodesk
- Civil 3D by Autodesk
- Navisworks by Autodesk
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control, data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation leading to data exfiltration, malware installation, or persistence establishment on the compromised workstation.
If Mitigated
Limited impact with proper application whitelisting, file validation, and user training preventing malicious file execution.
🎯 Exploit Status
Exploitation requires user interaction to open malicious files. No public exploit code available as of analysis.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: AutoCAD 2022.1.3, 2021.1.4, 2020.1.6, 2019.1.4; Navisworks 2022.2
Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005
Restart Required: Yes
Instructions:
1. Open Autodesk Desktop App or Autodesk Account.
2. Check for available updates.
3. Install the security update for your version.
4. Restart the application and system.
🔧 Temporary Workarounds
Block DWF/DWFX file extensions
Windows: Prevent execution of potentially malicious DWF/DWFX files via group policy or application control.
Group Policy: Computer Configuration > Policies > Windows Settings > Security Settings > Software Restriction Policies > Additional Rules > New Path Rule: *.dwf, *.dwfx
Disable automatic file opening
Windows: Configure AutoCAD/Navisworks to prompt before opening any DWF/DWFX files.
In AutoCAD: OPTIONS > System > General Options > uncheck 'Allow opening of non-native DWG files'
🧯 If You Can't Patch
- Implement application whitelisting to only allow trusted AutoCAD/Navisworks executables.
- Train users to only open DWF/DWFX files from trusted sources and verify file integrity.
🔍 How to Verify
Check if Vulnerable:
Check AutoCAD version via Help > About or run 'acad.exe /version' in command prompt. Compare against vulnerable versions.
Check Version:
For AutoCAD: 'acad.exe /version' or check Help > About. For Navisworks: check Help > About.
Verify Fix Applied:
Verify installed version matches patched versions: AutoCAD 2022.1.3+, 2021.1.4+, 2020.1.6+, 2019.1.4+; Navisworks 2022.2+.
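The version comparison above, as an added example (not Autodesk's or this page's own tooling): a Python check that compares an installed version against the fixed version for the same release year, using only the fixed versions listed on this page. The function names, the dotted version-string format, and the inventory rows are assumptions made for illustration.

```python
"""Added example: compare installed versions with the fixed versions on this page."""

# Fixed versions as listed on this page, keyed by (product, release year).
FIXED = {
    ("autocad", 2019): (2019, 1, 4),
    ("autocad", 2020): (2020, 1, 6),
    ("autocad", 2021): (2021, 1, 4),
    ("autocad", 2022): (2022, 1, 3),
    ("navisworks", 2022): (2022, 2),
}


def parse_version(text):
    """Turn '2021.1.4' into (2021, 1, 4); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_patched(product, installed):
    """Return True/False for a listed release, None if the page lists no fix for it.

    The comparison is made only against the fix for the same release year:
    2022.1.2 is numerically greater than 2021.1.4 but is still unpatched.
    """
    version = parse_version(installed)
    fixed = FIXED.get((product.lower(), version[0]))
    if fixed is None:
        return None  # release not covered by this page; check the vendor advisory
    # Pad both tuples so '2022.2' and '2022.2.0' compare as equal.
    width = max(len(version), len(fixed))
    version += (0,) * (width - len(version))
    fixed += (0,) * (width - len(fixed))
    return version >= fixed


if __name__ == "__main__":
    # Constructed inventory rows: (host, product, version read from Help > About).
    inventory = [
        ("ws-01", "AutoCAD", "2022.1.2"),
        ("ws-02", "AutoCAD", "2021.1.4"),
        ("ws-03", "Navisworks", "2022.2"),
        ("ws-04", "AutoCAD", "2018.1.2"),
    ]
    labels = {True: "patched", False: "VULNERABLE", None: "not listed"}
    for host, product, version in inventory:
        print(f"{host}: {product} {version} -> {labels[is_patched(product, version)]}")
```

A `None` result means the release year is not among the fixed versions listed here, so it should be checked against the vendor advisory rather than assumed safe.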
📡 Detection & Monitoring
Log Indicators:
- Unexpected AutoCAD/Navisworks crashes with DWF/DWFX files
- Suspicious child processes spawned from AutoCAD/Navisworks
- File access to unusual DWF/DWFX locations
Network Indicators:
- Outbound connections from AutoCAD/Navisworks to unknown IPs
- DNS requests for suspicious domains after file opening
SIEM Query:
Process Creation: (Image contains 'acad.exe' OR Image contains 'navisworks.exe') AND (CommandLine contains '.dwf' OR CommandLine contains '.dwfx')